package com.maple.admin.controller;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

import com.maple.admin.misc.cookie.util.CookieHelper;
import com.maple.admin.user.dto.UserDTO;
import com.maple.admin.user.service.IAccountService;

@Controller
@RequestMapping("/")
public class LoginController {
	
	@Autowired
	IAccountService acctService;
	
	/**
	 * show login page
	 * @param request
	 * @param response
	 * @return
	 */
	@RequestMapping(value="/loginPage",method=RequestMethod.GET)
	@ResponseBody
	public ModelAndView myShowLoginPage(HttpServletRequest request, HttpServletResponse response){
		ModelAndView mv = new ModelAndView();
		mv.setViewName("/login");
		return mv;
	}
	
	/**
	 * process login info
	 * @param request
	 * @param response
	 * @return
	 */
	@RequestMapping(value="/loginPage",method=RequestMethod.POST)
	@ResponseBody
	public ModelAndView myProcessLoginInfo(HttpServletRequest request, HttpServletResponse response) {
		ModelAndView mv = new ModelAndView();
		mv.setViewName("/starter_iframe");
		// login begins
		try {
			String username = request.getParameter("username");
			String password = request.getParameter("password");
			UserDTO userDTO;
			try {
				userDTO = acctService.queryUserByLoginName(username);
			} catch (IndexOutOfBoundsException e) {
				// TODO Auto-generated catch block
				throw new UnknownAccountException("没找到该用户名的信息："+username);
			}
			UsernamePasswordToken token = new UsernamePasswordToken(username, password);
			Subject currentUser = SecurityUtils.getSubject(); 
			currentUser.login(token);
		} catch (Exception e) {
			// TODO Auto-generated catch block
			String exClsName = e.getClass().getName();
			String errorMsg = "登陆出错："+ exClsName;
			mv.setViewName("/oops");
			if(e instanceof UnknownAccountException){
				errorMsg = "未知账号:"+e.getMessage();
			}
			if(e instanceof IncorrectCredentialsException){
				errorMsg = "账号/密码不匹配:"+e.getMessage();
			}
			if(e instanceof ExcessiveAttemptsException){
				errorMsg = "尝试登陆太多:"+e.getMessage();
			}
			if(e instanceof AuthenticationException){
				errorMsg = "身份认证异常:"+e.getMessage();
			}
			mv.addObject("errorMsg", errorMsg);
		} 
		// add user cookie if authenticated
		Subject currentUser = SecurityUtils.getSubject(); 
		if(currentUser.isAuthenticated()){
			String userName = (String) currentUser.getPrincipal();
			Cookie c = CookieHelper.getInstance().createCookie("display_name", userName);
			response.addCookie(c);
		}
		// login ends
		return mv;
	}

}
